Category: storage security

Non-Cryptic Answers to Common Cryptography Questions

AlexMcDonald
The SNIA Networking Storage Forum’s Storage Networking Security Webcast Series continues to examine the many different aspects of storage security. At our most recent webcast on applied cryptography, our experts dove into user authentication, data encryption, hashing, blockchain and more. If you missed the live event, you can watch it on-demand. Attendees of the live event had some very interesting questions on this topic and here are answer to them all: Q. Can hashes be used for storage deduplication?  If so, do the hashes need to be 100% collision-proof to be used for deduplication? A. Yes, hashes are often used for storage deduplication. It’s preferred that they be collision-proof but it’s not required if the deduplication software does a bit-by-bit comparison of any files that produce the same hash in order to verify if they really are identical or not. If the hash is 100% collision-proof then there is no need to run bit-by-bit comparisons of files that produce the same hash value. Q. Do cloud or backup service vendors use blockchain proof of space to prove to customers how much storage space is available or has been reserved?    Read More

A Q&A on Protecting Data-at-Rest

Steve Vanderlinden
One of the most important aspects of security is how to protect the data that is just “sitting there” called data-at-rest. There are many requirements for securing data-at-rest and they were discussed in detail at our SNIA Networking Storage Forum (NSF) webcast Storage Networking Security: Protecting Data-at-Rest. If you missed the live event, you can watch it on-demand and access the presentation slides here. As we promised during the webcast, here are our experts’ answers to the questions from this presentation: Q. If data is encrypted at rest, is it still vulnerable to ransomware attacks? A. Yes, encrypted data is still vulnerable to ransomware attacks as the attack would simply re-encrypt the encrypted data with a key known only to the attacker. Q. The data at rest is best implemented at the storage device. The Media Encryption Key (MEK) is located in the devices per the Trusted Computing Group (TCG) spec. NIST requires the MEK to be sanitized before decommissioning the devices. But devices do fail, because of a 3-5 year life span. Would it be better to manage the MEK in the Key Management System (KMS) or Hardware Security Module (HSM) in cloud/enterprise storage? Read More

Applied Cryptography Techniques and Use Cases

AlexMcDonald
The rapid growth in infrastructure to support real time and continuous collection and sharing of data to make better business decisions has led to an age of unprecedented information storage and easy access. While collection of large amounts of data has increased knowledge and allowed improved efficiencies for business, it has also made attacks upon that information—theft, modification, or holding it for ransom — more profitable for criminals and easier to accomplish. As a result, strong cryptography is often used to protect valuable data. The SNIA Networking Storage Forum (NSF) has recently covered several specific security topics as part of our Storage Networking Security Webcast Series, including Encryption101, Protecting Data at Rest, and Key Management 101. Now, on August 5, 2020, we are going to present Applied Cryptography. In this webcast, our SNIA experts will present an overview of cryptography techniques for the most popular and pressing use cases. We’ll discuss ways of securing data, the factors and trade-off that must be considered, as well as some of the general risks that need to be mitigated. We’ll be looking at: Read More

Ready for a Lesson on Security & Privacy Regulations?

J Metz
Worldwide, regulations are being promulgated and aggressively enforced with the intention of protecting personal data. These regulatory actions are being taken to help mitigate exploitation of this data by cybercriminals and other opportunistic groups who have turned this into a profitable enterprise. Failure to meet these data protection requirements puts individuals at risk (e.g., identity theft, fraud, etc.), as well as subjecting organizations to significant harm (e.g., legal penalties). The SNIA Networking Storage Forum (NSF) is going to dive into this topic at our Security & Privacy Regulations webcast on July 28, 2020. We are fortunate to have experts, Eric Hibbard and Thomas Rivera, share their expertise in security standards, data protection and data privacy at this live event.  This webcast will highlight common privacy principles and themes within key privacy regulations. In addition, the related cybersecurity implications will be explored. We’ll also probe a few of the recent regulations/laws to outline interesting challenges due to over and under-specification of data protection requirements (e.g., “reasonable” security). Attendees will have a better understanding of:
  • How privacy and security is characterized
  • Data retention and deletion requirements
  • Core data protection requirements of sample privacy regulations from around the globe
  • The role that security plays with key privacy regulations
  • Data breach implications and consequences
This webcast is part of our Storage Networking Security Webcast Series. I encourage you to watch the presentations we’ve done to date on: And I hope you will register today and join us on July 28th for what is sure to be an interesting look into the history, development and impact of these regulations.   

Key Management FAQ

J Metz

Key management focuses on protecting cryptographic keys from threats and ensuring keys are available when needed. And it’s no small task. That's why the SNIA Networking Storage Forum (NSF) invited key management and encryption expert, Judy Furlong, to present a “Key Management 101” session as part our Storage Networking Security Webcast Series. If you missed the live webcast, I encourage you to watch it on-demand as it was highly-rated by attendees. Judy answered many key management questions during the live event, here are answers to those, as well as the ones we did not have time to get to.

Q. How are the keys kept safe in local cache?

Read More

Encryption Q&A

AlexMcDonald

Ever wonder how encryption actually works? Experts, Ed Pullin and Judy Furlong, provided an encryption primer to hundreds of attendees at our SNIA NSF webcast Storage Networking Security: Encryption 101. If you missed it, It’s now available on-demand. We promised during the live event to post answers to the questions we received. Here they are:

Q. When using asymmetric keys, how often do the keys need to be changed?

A. How often asymmetric (and symmetric) keys need to be changed is driven by the purpose the keys are used for, the security policies of the organization/environment in which they are used and the length of the key material. For example, the CA/Browser Forum has a policy that certificates used for TLS (secure communications) have a validity of no more than two years.

Read More

Key Management 101

J Metz
There’s a lot that goes into effective key management. In order to properly use cryptography to protect information, one has to ensure that the associated cryptographic keys themselves are also protected. Careful attention must be paid to how cryptographic keys are generated, distributed, used, stored, replaced and destroyed in order to ensure that the security of cryptographic implementations is not compromised. It’s the next topic the SNIA Networking Storage Forum is going to cover in our Storage Networking Security Webcast Series. Join us on June 10, 2020 for Key Management 101 where security expert and Dell Technologies distinguished engineer, Judith Furlong, will introduce the fundamentals of cryptographic key management. Key (see what I did there?) topics will include:
  • Key lifecycles
  • Key generation
  • Key distribution
  • Symmetric vs. asymmetric key management, and
  • Integrated vs. centralized key management models
In addition, Judith will also dive into relevant standards, protocols and industry best practices. Register today to save your spot for June 10th we hope to see you there.

Encryption 101: Keeping Secrets Secret

AlexMcDonald
Encryption has been used through the ages to protect information, authenticate messages, communicate secretly in the open, and even to check that messages were properly transmitted and received without having been tampered with. Now, it’s our first go-to tool for making sure that data simply isn’t readable, hearable or viewable by enemy agents, smart surveillance software or other malign actors. But how does encryption actually work, and how is it managed? How do we ensure security and protection of our data, when all we can keep as secret are the keys to unlock it? How do we protect those keys; i.e., “Who will guard the guards themselves?” It’s a big topic that we’re breaking down into three sessions as part of our Storage Networking Security Webcast Series: Encryption 101, Key Management 101, and Applied Cryptography. Join us on May 20th for the first Encryption webcast: Storage Networking Security: Encryption 101 where our security experts will cover:
  • A brief history of Encryption
  • Cryptography basics
  • Definition of terms – Entropy, Cipher, Symmetric & Asymmetric Keys, Certificates and Digital signatures, etc. 
  • Introduction to Key Management
I hope you will register today to join us on May 20th. Our experts will be on-hand to answer your questions.

Storage Networking Security Series: Protecting Data at Rest

Steve Vanderlinden
Contrary to popular belief, securing “data at rest” does not simply mean encrypting the data prior to storage. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are as important as encryption. It’s the next topic the SNIA Networking Storage Forum (NSF) will cover in our Storage Networking Security Series. On April 29, 2020, we will host a live webcast, “Storage Networking Security Series: Protecting Data at Rest,” where we will cover the end-to-end process of securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated. As this series shows, there are many places along the chain where a weak link can break the entire process. One of the key aspects of keeping data secure – and probably the place where most people think of security – is what happens when the data is “at rest,” or being stored in some sort of stable media. Read More

A Q&A to Better Understand Storage Security

Steve Vanderlinden
Truly understanding storage security issues is no small task, but the SNIA Networking Storage Forum (NSF) is taking that task on in our Storage Networking Security Webcast Series. Earlier this month, we hosted the first in this series, “Understanding Storage Security and Threats” where my SNIA colleagues and I examined the big picture of storage security, relevant terminology and key concepts. If you missed the live event, you can watch it on-demand. Our audience asked some great questions during the live event. Here are answers to them all. Q. If I just deploy self-encrypting drives, doesn’t that take care of all my security concerns?  Read More